ABSTRACT

Data security is provided using an encryption/decryption algorithm which attaches at the primitive BIOS level of the operating system automatically during the power-on self-test routines. The encryption/decryption process is implemented by intercepting the removable media or floppy diskette interrupt in order to add additional interrupt handling routine instructions which perform the encryption and decryption of data passed between the diskette controller and the data transfer buffer area within system RAM. Bitwise alteration of the data in a predefined relationship is used to encrypt and decrypt. The encryption/decryption system attaches before the computer power-up sequence renders data entry hardware active, hence the user cannot readily override the security system. Data stored on nonremovable media such as hard disk media is not encrypted, thereby preserving the integrity of more permanent data.

11 Claims, 8 Drawing Sheets
COMPUTER SOFTWARE ENCRYPTION APPARATUS

This is a continuation of U.S. patent application Ser. No. 227,730, filed Aug. 3, 1988 entitled "Computer Software Encryption Apparatus", now U.S. Pat. No. 4,937,861.

BACKGROUND AND SUMMARY OF THE INVENTION

The present invention relates generally to data security for computer systems. More particularly, the invention relates to an encryption apparatus which automatically encrypts data being written to removable data storage media. A complementary decryption procedure is automatically invoked when data is read from the removable data storage medium. The encryption apparatus thus discourages the taking of data from the computer system by copying it onto a removable medium for use on a different computer system without decryption capabilities.

Computer data is often stored on nonvolatile read/write media such as magnetic disks, optical disks, magnetic tape, and the like. Many popular computer systems of today use both fixed data storage media, which cannot be readily removed from the system by the user, and removable media, which are intended to be removed from the system by the user. For example, many popular microcomputer and minicomputer systems have nonremovable fixed disk or hard disk drives and removable floppy diskette drives.

Data is frequently stored on nonvolatile read/write media as records or files, which provide a degree of organization to assist in locating and retrieving the stored data. The manner of storage as records or files can be unique to a particular make and model of computer system hardware, or it can be standardized to be compatible with other makes and models of computer system hardware. The latter allows one to transfer data from one computer system to another compatible computer system by simply writing the data onto a removable medium, such as a floppy diskette, removing the diskette to the other computer system and then reading the data from the diskette.

With the proliferation of affordable compatible computer systems, the ability to share data in this fashion represents a significant security problem to businesses which store and process confidential and proprietary information using computer systems having the capability to support removable media. For example, a business might store confidential or proprietary information on its computer system fixed disk or hard disk, where the information can simply be copied onto a floppy diskette and removed from the premises.

A number of different security measures have been contemplated to combat this problem, although many such measures make it more difficult for users who use these systems on a daily basis. Also, incompatibilities with different types of application software products frequently arise when security systems are in place. This can render the computer system inoperative or unreliable.

Part of the compatibility problem can be attributed to the fact that there is presently less than adequate standardization in the manner in which application programs interface with the computer system's underlying operating system. The operating system provides an environment in which the application program runs. Application programs are thus written to interface with the operating system, with the desire that the workings of the operating system will be transparent to the user. However, many conventional security systems alter the manner in which application programs interface with the operating system environment. This can lead to compatibility problems. The risk of encountering compatibility problems with conventional security systems in place is considerable, particularly since it is often not feasible to test all available application programs which a user may wish to run under the operating system environment. As an example, a conventional security system may work properly for a particular spreadsheet program, but may intermittently and unexpectedly corrupt the data produced by a particular word processing or accounting program. This is clearly undesirable.

The present invention overcomes the limitations and compatibility problems of conventional security systems by providing a security system which automatically encrypts all data written to removable media, and which similarly decrypts all data read from that media. The invention works in a way which is completely transparent to the user and to the application program. The invention may be implemented without requiring use of passwords. This is a decided advantage, since password security is only as reliable as the persons having knowledge of the password. The invention is capable of being implemented on both stand alone and networked computer systems.

Rather than attaching to the computer system software at the disk operating system level as many conventional data security systems do, the invention attaches to the more primitive, computer hardware specific BIOS or Basic Input Output System level. Attaching to the computer system at the BIOS level, the invention must be implemented with a particular computer system hardware in mind. This has advantages over the conventional approach of attaching at the higher disk operating system or DOS level, where compatibility with a plethora of application programs must be kept in mind.

The invention provides a data security system for a computer system having a fixed data storage medium, a removable data storage medium and a buffer area for communicating with the fixed and removable data storage media. The security system comprises a security means communicating with the buffer area for automatically intercepting and encrypting data flowing from the buffer area to the removable data storage medium without intercepting and encrypting data flowing from the buffer area to the fixed data storage medium.

In a presently preferred environment, the computer system has a processor for operating on data comprising arrangements of binary digits. The computer system has a power-on routine for causing the processor to scan a predetermined range of memory location addresses for instructions after power-on. The system includes a means for enabling the processor to communicate with the data storage media comprising program means for reading and writing data to a fixed data storage medium and to a removable data storage medium. The data security system of the invention comprises a security program disposed within the predetermined range of memory location addresses scanned by the power-on routine. The security program attaches itself at the BIOS level during the power-on routine and automatically alters the program means for reading and writing data to the removable data storage medium. The security program is capable of transforming data communicated between at least one of the fixed and removable data storage media and the processor. The transformation is conducted so that data stored on the one data storage media is represented using a different arrangement of binary digits than is used when the data is operated upon by the processor. Because the data is stored in a different arrangement of binary digits, the data will be virtually unintelligible when operated upon by a processor in a computer system which does not have the invention's decryption capability.

Further, the security system of the invention may be used in a computer system having a file storage structure for storing data as individual files on different portions of a removable data storage medium. The structure may include a file allocation table containing information for correlating the individual files with selected different portions of the medium. The security system comprises a means for encrypting and storing the file allocation information on the removable data storage medium. The invention further comprises a means, nonremovably associated with the computer system, for decrypting and using the information to correlate individual files with the selected portions of the medium, thereby permitting location and retrieval of data stored as files on the medium by the computer system.

For a more complete understanding of the invention, its objects and advantages, reference may be had to the following specification and to the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a perspective view of a microcomputer on which the invention may be implemented;

FIG. 2 is an exemplary memory map diagram of the microcomputer of FIG. 1, useful in understanding the invention;

FIG. 3 is a schematic diagram describing an exemplary microprocessor architecture useful in understanding the invention;

FIG. 4 is a detailed map diagram useful in understanding the invention;

FIG. 5 is a flow chart diagram depicting an algorithm for incorporating the data security system in an exemplary microcomputer;

FIG. 6 is a flow chart diagram of an interrupt routine for implementing the security system of the invention;

FIG. 7 is a more detailed flow chart depicting an encryption routine useful in practicing the invention;

FIG. 8 is a similar flow chart routine depicting a decryption routine useful in practicing the invention;

FIGS. 9a-9e comprise a series of memory register diagrams useful in understanding the encryption and decryption algorithms described in FIGS. 7 and 8;

FIG. 10 is a string setup routine used by the routines of FIGS. 7 and 8;

FIG. 11 is a flow chart illustrating the manner in which nonencrypted diskettes may be accessed when using the invention;

FIG. 12 is a data flow diagram illustrating the invention in operation.

DESCRIPTION OF THE PREFERRED EMBODIMENT

With reference to FIG. 1, a computer system similar to the IBM PC/XT is illustrated generally at 10. The particular arrangement and identity of computer system components has been selected to aid in understanding the invention and is not intended to be a limitation upon the scope of the invention as set forth in the appended claims. Computer system 10 includes removable media storage system 12, such as a floppy diskette drive and a nonremovable or fixed media storage system 14, such as a Winchester hard disk drive. The removable media storage system is adapted to read and write upon removable floppy diskettes such as diskette 16. Floppy diskette drive 12 communicates with the computer system mother board 18 via the floppy diskette controller card 20 which is connected to the drive 12 by a ribbon cable 22. The hard disk drive 14 communicates with mother board 18 via hard disk controller card 24. The hard disk controller card and hard disk drive are connected by a ribbon cable 26. In contrast with the removable floppy diskette media 16 of floppy drive 12, the magnetic media platters 28 of hard drive 14 are permanently and hermetically sealed within the drive unit and are not intended to be removed by the user.

Computer system 10 further comprises a block of random access memory or RAM 30 attached to mother board 18. At the heart of the computer system is microprocessor 32 which is attached to the mother board and which communicates with the various other systems on the mother board and with the disk drive controllers by means of a bus (not shown). The computer system further includes a block of read only memory or ROM 34 on which certain basic input and output routines or program instructions are permanently stored. These routines are used by microprocessor 32 to perform basic computer functions such as reading and writing data to the removable and nonremovable media. Power is supplied to the mother board and to the disk drive units by power supply 36. In addition to the system ROM 34 on the mother board, computer system 10 may include additional ROM 35 on the controller cards such as the hard disk controller card 24. Typically, such additional ROM is used to provide additional program instruction routines needed to operate particular hardware associated with a particular card. This allows additional features and capabilities to be added to the computer system without changing the system ROM 34 on the mother board, simply by plugging in additional cards into connectors or slots which communicate with the bus on the mother board. Two vacant slots 38 are illustrated in FIG. 1.

For a better understanding of the invention, some 
further explanation of a conventional computer system 
architecture may be helpful. In order to better illustrate 
the invention, certain aspects of the IBM PC/XT will 
now be described. Also, for purposes of illustration, it 
will be assumed that the IBM PC/XT computer system 
is using a PC-DOS or MS-DOS operating system. Of 
course, the invention can be implemented with other 
computer systems and with other operating systems. 

Referring to FIG. 2, a schematic memory map of the IBM PC/XT computer system is depicted. The IBM PC/XT computer of this example uses an 8088 Intel microprocessor, which is a 16 bit microprocessor in the Intel family of microprocessors which also includes the 8086, the 80286 and 80386. The invention can be implemented using any of these microprocessors as well as the microprocessors of other manufacturers.

The 8088 Intel microprocessor is capable of addressing 1 megabyte of memory. To address this memory a 20 bit numeric address comprised of a segment value and an offset value is used for each byte. According to conventional nomenclature, the 20 bit numeric address can be represented using a 5 hexadecimal digit equivalent. Thus the 1 megabyte memory space may be addressed using values ranging from hex 00000 to hex FFFFF.

As shown in FIG. 2, the 1 megabyte memory space is mapped into different regions dedicated to specific functions. The space from 00000 through 9FFFF comprises the working RAM space into which application programs can be loaded and run. The space from A0000 through BFFFF is reserved for video display memory. The space from C0000 through FFFFF is set aside for ROM memory containing the basic input/output system or BIOS, the power-on self-test or POST routines and other primitive operating routines. Further details of the system architecture can be found in such sources as the IBM Technical Reference for the PC/XT.

The 8088 microprocessor used in the IBM PC/XT employs a number of 16 bit registers which have been diagrammatically represented in FIG. 3. The chip architecture includes four 16 bit data registers AX, BX, CX and DX; four 16 bit pointer and index registers SP, BP, SI and DI; four 16 bit segment registers CS, DS, SS and ES; a 16 bit instruction pointer IP and a 16 bit flags register. For more information on the register architecture of the 8088 microprocessor, reference may be had to the 8086 book by Rector and Alexy, Osborne/McGraw-Hill. Information can also be obtained from Intel Corporation, 3065 Bowers Avenue, Santa Clara, Calif., 95051.

Referring now to the more detailed memory map of FIG. 4, the ROM space comprises a portion ranging upward from F4000 which constitutes the system BIOS. This BIOS physically resides on ROM 34 on the mother board. Included in this system BIOS are the routines which instruct the microprocessor in causing the floppy diskette drive to perform read and write functions. The ROM space also comprises a portion from C0000 through F4FFF which constitutes the BIOS for operating the hard disk controller. Part of this memory space is actually occupied by ROM chips on the hard disk controller card 24. The remainder of this memory space reserved for hard disk controller purposes is conventionally left vacant. Empty chip sockets may be provided on the hard disk controller card corresponding to these vacant locations. As will be more fully explained below, the invention utilizes this vacant BIOS memory space in order to provide the encryption and decryption functions of the invention. In the presently preferred embodiment for the IBM PC/XT the encryption/decryption routines reside in the BIOS ROM space at C9000.

At the other extreme end or low memory end of the memory map from 00000 through 00400 is the interrupt vector table residing in RAM. The interrupt vector table comprises a series of jump addresses in the form of segment values and offset values which tell the microprocessor where the particular instructions for a particular interrupt service handling routine may be found. Because the interrupt vector table resides in RAM, the vector jump addresses can be changed in order to substitute different routines for the routines conventionally provided. The present invention takes advantage of this feature by replacing the interrupt 40H floppy diskette controller routine with a new, augmented routine providing automatic encryption and decryption.

The present invention takes control of the computer during power-up and changes the information stored in the vector table corresponding to the floppy diskette controller routine, interrupt 40H. The vector table is changed so that the interrupt 40H jump address or vector address points to a different floppy diskette handling routine which provides automatic encryption and decryption. Interrupt 40H is revectored during the automatic power-up sequence, preferably during the power-on self-test or POST routine, during which time the user cannot interact with the computer to abort the revectoring sequence. By revectoring the floppy diskette controller routines at an early stage in the power-up sequence, the invention insures that encryption and decryption facilities are always installed and operating by the time the user can interact with the computer.

The 8088 microprocessor used in the IBM PC/XT automatically looks to high memory address FFFFF for its first operating instruction. The instruction at this high memory ROM address is a jump instruction to the beginning of the reset routine. During or following the reset routine a series of power-on self-test (POST) routines are run. These routines are run before external input/output devices are initialized and activated. Hence the user cannot communicate with the microprocessor during power-on self-test.

One of the POST routines checks whether optional ROM has been installed in the C8000 through F4000 range. It will be recalled that this space is reserved for the hard disk controller card BIOS routines. This power-on self-test routine scans the ROM space in the C8000 through F4000 range in 2K blocks. In accordance with the standard adopted for the IBM PC/XT, a valid module within this optional ROM has "55AA" in the first two locations of the block with a length indicator in the third location. The length indicator is the code size of the module in bytes divided by 512. The code of the module begins in the fourth location.

The IBM PC/XT has a hard disk controller and thus uses a portion of the optional ROM for the hard disk controller routines. The present invention adds additional code within the optional ROM space for the purpose of revectoring the floppy diskette interrupt handling routine and for providing routines which perform the encryption and decryption of data written to and read from the floppy diskette media. This additional code is added at unused addresses within the optional ROM space. If desired, the code may be added to the end of the existing hard disk controller BIOS, so that it forms a contiguous part of the module residing in the optional ROM space from C8000 through F4000. If this is done, care must be taken to decrease the length indicator in the third location at the beginning of the module, so that the microprocessor POST routines will scan the added code during the next scan cycle. For example, if the first three locations of the hard disk controller module contain 55 AA 10, and it is desired to add an additional two blocks of 512 bytes, then the first three locations should be made to read as follows, 55 AA 0E. Since the first three locations reside in ROM, it will be necessary to program a new EPROM or ROM in order to change the third location value from 10 to 0E and the checksum byte to an appropriate value.

When implementing the invention on an IBM PC/XT or like compatibles, the additional code required to implement the invention can reside at the C900 segment on the hard disk BIOS ROM. When implementing the invention on an IBM AT, the code may reside in optional ROM at the E0000 segment. The mother board on the IBM PC/AT has an empty ROM socket which may be used to install the additional code. In the alternative, if the appropriate empty socket is not provided, the additional code can be installed on cards for insertion into one of the available expansion slots on the mother board. Of course, the address chosen for the additional code should not conflict with existing BIOS code within the system.
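An added C model, not code from the patent, of the POST optional ROM scan described above: the 55 AA signature, the length indicator in 512-byte units, the checksum byte that makes the module's byte sum zero, and the 2K scan step over the C8000 through F4000 range. The ROM contents built by demo_scan() and their offsets are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Optional ROM module layout used by the IBM PC/XT POST scan:
 *   byte 0..1 : signature 55 AA
 *   byte 2    : length indicator, code size in bytes divided by 512
 *   byte 3..  : module code; the last byte is chosen so that the 8-bit sum
 *               of the whole module is zero (the checksum byte)
 * The scan range and the 2K step are those given in the text. */
#define ROM_SCAN_START 0xC8000UL
#define ROM_SCAN_END   0xF4000UL
#define ROM_BLOCK      2048UL

struct rom_module {
    uint32_t addr;        /* 20-bit linear address where the module starts */
    uint32_t size;        /* length indicator * 512 */
    int      checksum_ok; /* 1 if the byte sum over the module is zero */
};

/* 8-bit sum of a byte range; a valid module sums to zero. */
uint8_t rom_sum(const uint8_t *p, size_t n) {
    uint8_t s = 0;
    for (size_t i = 0; i < n; i++) s = (uint8_t)(s + p[i]);
    return s;
}

/* Set the last byte of a module so that rom_sum() over it is zero. This is
 * the fix-up the text calls for when a new EPROM is programmed with a changed
 * length indicator. */
void rom_fix_checksum(uint8_t *mod, size_t size) {
    mod[size - 1] = 0;
    mod[size - 1] = (uint8_t)(0x100 - rom_sum(mod, size));
}

/* Build a module image: header, code filled with `fill`, valid checksum. */
void rom_build_module(uint8_t *dst, uint8_t len_units, uint8_t fill) {
    size_t size = (size_t)len_units * 512;
    dst[0] = 0x55;
    dst[1] = 0xAA;
    dst[2] = len_units;
    memset(dst + 3, fill, size - 3);
    rom_fix_checksum(dst, size);
}

/* The POST scan: step through `space` (which models linear addresses
 * ROM_SCAN_START..ROM_SCAN_END) in 2K blocks looking for the 55 AA signature.
 * Every module found is recorded together with its checksum result; POST would
 * pass control only to those whose checksum is correct. After a module the scan
 * resumes at the first 2K boundary at or past its end. */
int rom_scan(const uint8_t *space, size_t space_len,
             struct rom_module *out, int max_out) {
    int found = 0;
    size_t off = 0;
    while (off + 3 <= space_len && found < max_out) {
        const uint8_t *m = space + off;
        size_t size = (size_t)m[2] * 512;
        if (m[0] == 0x55 && m[1] == 0xAA && size != 0 && off + size <= space_len) {
            out[found].addr = ROM_SCAN_START + (uint32_t)off;
            out[found].size = (uint32_t)size;
            out[found].checksum_ok = (rom_sum(m, size) == 0);
            found++;
            off += (size + ROM_BLOCK - 1) / ROM_BLOCK * ROM_BLOCK;
        } else {
            off += ROM_BLOCK;
        }
    }
    return found;
}

/* Constructed ROM space for the example (offsets chosen here, not taken from
 * the patent): empty sockets read as FF, a hard disk controller module of 10H
 * units (8K) at the start of the range, a 1K module further up, and a second
 * copy of that 1K module with one corrupted byte. */
int demo_scan(struct rom_module *out, int max_out) {
    static uint8_t space[ROM_SCAN_END - ROM_SCAN_START];
    memset(space, 0xFF, sizeof space);
    rom_build_module(space + 0x0000, 0x10, 0x90);
    rom_build_module(space + 0xA000, 0x02, 0xD0);
    rom_build_module(space + 0xC000, 0x02, 0xD0);
    space[0xC000 + 100] ^= 0x01;   /* one flipped bit: the checksum test fails */
    return rom_scan(space, sizeof space, out, max_out);
}
```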
As will be explained more fully below, the presently preferred encryption and decryption algorithms operate upon the data being written to and being read from the floppy diskette media but not upon data being written to and read from the hard disk media. Floppy diskette read and write requests (interrupt 40H) are intercepted at the BIOS level so that the appropriate encryption or decryption can be performed before (in the case of a write) or after (in the case of a read) control is passed to the original floppy diskette BIOS routine. In order to intercept read and write requests at the BIOS level, the invention revectors the interrupt 40H routine by changing the address pointed to in the vector table corresponding to interrupt 40H. Because the 8088 microprocessor requires a 16 bit segment and a 16 bit offset in order to define the 20 bit address within the memory space, each interrupt vector within the vector table requires two 16 bit words (comprising a segment value and an offset value) to define the vector jump location or pointer. Accordingly, interrupt 40H corresponds to an offset of 100H from the bottom of memory. See FIG. 4 where interrupt 40H is designated beginning at address location 00100H.

The steps for adding the encryption and decryption routines by means of the power-on self-test are illustrated in FIG. 5. As explained above, the power-on self-test routine includes a routine which scans the optional ROM space and performs checksum tests on any optional ROM modules found in the optional ROM space. If the checksum is correct, the power-on self-test routine calls the optional ROM modules, temporarily passing control to those modules. It is by this mechanism that the invention takes control of the microprocessor during the power-on sequence in order to revector the floppy diskette interrupt handling routine and in order to reserve the required RAM space used by the encryption and decryption algorithms. More complete details of the power-on self-test routines and in particular the routines for scanning and performing checksum tests can be found in the IBM Technical Reference for the IBM PC/XT.

The presently preferred initialization routine depicted in FIG. 5 sets the new diskette interrupt address and then returns control to the power-on self-test (POST) routine. The original diskette interrupt address may be determined and stored as a variable within the working storage space. In the presently preferred embodiment the interrupt address of the original diskette interrupt is found at segment 0F000 offset EC59 hexadecimal. This address can be determined by consulting the interrupt vector table prior to the revectoring process or the value may be determined in advance and hard coded into the initialization routine. The presently preferred embodiment employs the latter approach, as hard coding of the original diskette routine address has proven to be somewhat more reliable and does not require storing the original diskette interrupt address as a variable. The hard address of the original diskette routine may be found by consulting the ROM BIOS listing for the computer system on which the invention is to be implemented. In the alternative, the hard address can be determined by a memory dump of the appropriate portion of the interrupt vector table of the computer system on which the invention is to be implemented.

Next the address of the new diskette interrupt routine (which includes the encryption and decryption algorithm) is written to the interrupt vector table. On the IBM PC/XT, the offset of the new routine is written at 00100H and the segment is written at 00102H. A decryption flag defined within the 1K working storage space is next set to ON. This flag may be used with auxiliary programs to allow the computer system modified in accordance with the invention to temporarily bypass the encryption and decryption capabilities as may be needed to list directories of nonencrypted diskettes or to copy nonencrypted files to the computer system hard disk, for example. Following the revectoring steps, control is returned to the power-on self-test which then proceeds to completion as usual.

The modified floppy diskette interrupt handling routine is shown in FIG. 6. After establishing addressability of the original BIOS diskette routine and the working storage data, the routine tests to determine if the interrupt request is for a read or for a write. If the request is for a read and if the decryption flag is set, control is passed to the original diskette interrupt routine which may be located using the hard address previously determined. The original diskette routine reads data from the diskette and writes it to a data transfer buffer located in the working RAM space. Before control is returned to the disk operating system, however, the modified diskette interrupt routine performs a decryption procedure on the buffer area. Control is then returned to the calling program, which is typically the disk operating system or possibly an application program making diskette read requests directly through the BIOS level.

If the decryption flag is not set, the original diskette interrupt routine is used to read data from the diskette and place it in the buffer, whereupon control is returned to the calling program without decryption.

If the request is to write data to the diskette, the data waiting in the data transfer buffer is first encrypted by the encryption algorithm discussed below. Thereafter, control is passed to the original diskette interrupt handling routine which causes the now encrypted data to be written to the diskette. Before passing control back to the calling program the buffer area, now containing encrypted data, is decrypted so that it exists once again in the original nonencrypted state. This is done to insure that any further use of the buffered data by the computer will not be affected by the encryption procedure.

The encryption and decryption algorithms of the presently preferred embodiment are illustrated in FIGS. 7 and 8, respectively. The presently preferred encryption and decryption algorithms use a simple but effective technique which alters the bit pattern of each character stored on the diskette using a bitwise rotate operation. The rotate operation is performed in a microprocessor data register using two clock cycles. The rotate operation is thus quite fast.

Referring first to FIG. 7, the encryption routine begins by saving all registers used by the routine on the stack. The stack is a first in, last out data structure maintained automatically by the computer system in a portion of the working RAM for temporary storage. Both the encryption routine and the decryption routine operate upon characters stored in the data transfer buffer using string manipulation instructions of the microprocessor. To use these string manipulation functions, the microprocessor must have the size of the data block to be operated upon as well as the starting location of the disk transfer buffer. In the presently preferred embodiment these starting requirements are needed for both encryption and decryption and therefore a string operation setup routine may be implemented and shared for both encryption and decryption routines.

FIG. 10 describes the string operation setup routine. This routine simply computes the number of words in the buffer to be operated upon. Diskette read and write operations which utilize the interrupt 40H routine place the number of sectors to be written in the AL register. (The AL register is the lower eight bit half of the AX register illustrated in FIG. 3.) Thus the number of words to be operated upon can be computed by multiplying the number of sectors in the AL register by 256. This value is then stored in the CX register to be used as the count in subsequent loop operations. Next the beginning of the data transfer buffer is pointed to by setting the DS register equal to the ES register and by setting the SI register equal to the BX register. Read and write operations using interrupt 40H ordinarily presume that the address of the buffer is in the ES segment at a BX offset. After performing these setup routines, control returns to the calling encryption or decryption routine.

Returning now to FIG. 7, having called the string operation setup routine, the encryption routine now rotates each word (comprising two characters per word) in the string bitwise 1 bit to the left. This procedure continues upon each word in a loop controlled by the decrementing count in the CX register until all words in the string have been encrypted. After the entire string of characters has been encrypted, the registers previously saved on the stack are restored and control then returns to the modified interrupt handling routine of FIG. 6.

The decryption algorithm is quite similar to the encryption algorithm and is shown in the flow chart of FIG. 8. As before, the first step is to save all needed registers on the stack and then to call the string operation setup routine. Next the decryption routine enters a loop controlled by the count in the CX register. While in the loop each individual word within the string comprising the data to be decrypted in the data transfer buffer is rotated bitwise 1 bit to the right. This operation has the opposite effect to that of the leftwise rotation used in the encryption routine. The decryption routine thus reverses the effect of the encryption routine and returns the characters to their original unencrypted state. After the entire string has been operated upon in this fashion, the registers saved on the stack are restored whereupon control returns to the modified diskette interrupt routine.

FIG. 9 illustrates the manner in which the bitwise left 
rotation and bitwise right rotation are performed. As 
illustrated in FIG. 9a, the rotate left instruction ROL 
moves each bit of the 16 bit AX register 1 position to the 
left, with the leftmost bit moving to the rightmost 
location. As illustrated in FIG. 9b, the rotate right 
instruction ROR does the opposite: it moves each bit of 
the 16 bit AX register 1 bit to the right, with the 
rightmost bit moving to the leftmost bit position. FIGS. 
9c, 9d and 9e give an example of how the binary digits 
or bits of the character "A" appear before any rotation 
operation (FIG. 9c), after the rotate left instruction 
(FIG. 9d) and then after the rotate right instruction 
(FIG. 9e). For purposes of illustration, the ASCII 
representation of "A" is shown in its binary form. After 
rotation to the left, the bit pattern of FIG. 9d now 
becomes that of the letter "V," hence the original letter 
"A" is no longer intelligible. After a rotation right is 
performed on the bit pattern of FIG. 9d, the original 
ASCII representation of the letter "A" is restored in 
FIG. 9e. The standard ASCII character set is coded from 
7 bits. The extended ASCII character set is coded from 
8 bits. Because the AX register is a 16 bit register, 2 
characters can be stored in the AX register at a single 
time. The rotate right instruction ROR and the rotate 
left instruction ROL nevertheless operate on the entire 
16 bit register. Thus the encryption of a given character 
(occupying either the upper or lower 8 bits of the AX 
register) will depend on what character is stored in the 
adjacent 8 bit portion. This is intended to encrypt the 
text string so that one having a copy of the nonencoded 
text string cannot readily create a translation table by 
comparing it with a copy of the encrypted version. It 
should be noted, however, that the dependence consists 
of a single bit borrowed from the neighboring byte (bit 
15 of the word moves into bit 0, and bit 7 moves into bit 
8). For 7 bit ASCII text that borrowed bit is always 
zero, so each byte is simply doubled modulo 256 
irrespective of its neighbor, and a translation table of at 
most 256 entries recovers the data. The rotation is a 
fixed transform without a key, and it protects against 
casual inspection rather than against a determined 
analyst. 
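The following C program is an added illustration and is not code from the patent. It models the setup routine of FIG. 10 and the ROL/ROR loops of FIGS. 7 and 8 on a host machine: the sector count that the BIOS call carries in AL is turned into a word count, each little endian word of the transfer buffer is rotated by one bit, and the round trip is checked. It assumes 512 byte sectors (the only size consistent with 256 words per sector) and adds a buffer length check that the BIOS loop itself does not have. It also exercises the neighbor dependence of FIG. 9, including the 7 bit ASCII case in which the borrowed bit is always zero. The sample buffer contents are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_BYTES     512
#define WORDS_PER_SECTOR (SECTOR_BYTES / 2)   /* 256: the "AL times 256" of FIG. 10 */

/* 16 bit rotates, equivalent to ROL AX,1 and ROR AX,1. */
static uint16_t rol16(uint16_t v) { return (uint16_t)((v << 1) | (v >> 15)); }
static uint16_t ror16(uint16_t v) { return (uint16_t)((v >> 1) | (v << 15)); }

/* 8088 words are little endian in memory; load and store explicitly so the
 * host byte order cannot change the result. */
static uint16_t load_le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static void store_le16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

/* String operation setup (FIG. 10): sector count in AL becomes the word count
 * placed in CX. */
size_t setup_word_count(uint8_t sectors_al) { return (size_t)sectors_al * WORDS_PER_SECTOR; }

/* Walk the transfer buffer word by word, as the CX controlled loops of FIGS. 7
 * and 8 do. Returns 0 on success, -1 if the sector count would overrun the
 * buffer (an added check; the BIOS loop trusts AL and the ES:BX buffer). */
static int rotate_buffer(uint8_t *buf, size_t buf_len, uint8_t sectors_al, int left)
{
    size_t words = setup_word_count(sectors_al);
    if (words * 2 > buf_len) return -1;
    for (size_t i = 0; i < words; i++) {
        uint16_t w = load_le16(buf + 2 * i);
        store_le16(buf + 2 * i, left ? rol16(w) : ror16(w));
    }
    return 0;
}

int encrypt_sectors(uint8_t *buf, size_t buf_len, uint8_t sectors_al) { return rotate_buffer(buf, buf_len, sectors_al, 1); }
int decrypt_sectors(uint8_t *buf, size_t buf_len, uint8_t sectors_al) { return rotate_buffer(buf, buf_len, sectors_al, 0); }

/* Encrypt one word made of the bytes (lo, hi) and return either the resulting
 * low byte or the resulting high byte: the neighbor dependence of FIG. 9. */
uint8_t encrypted_byte(uint8_t lo, uint8_t hi, int lo_byte_wanted)
{
    uint16_t w = rol16((uint16_t)(lo | (hi << 8)));
    return lo_byte_wanted ? (uint8_t)w : (uint8_t)(w >> 8);
}

/* For 7 bit ASCII data the bit borrowed from the neighbor is always 0, so every
 * byte maps to (c << 1) & 0xFF whatever its neighbor is: a fixed substitution
 * that a known plaintext table recovers. Returns 1 if this holds for all pairs. */
int ascii7_is_fixed_substitution(void)
{
    for (unsigned c = 0; c < 128; c++)
        for (unsigned n = 0; n < 128; n++) {
            if (encrypted_byte((uint8_t)c, (uint8_t)n, 1) != (uint8_t)(c << 1)) return 0;
            if (encrypted_byte((uint8_t)n, (uint8_t)c, 0) != (uint8_t)(c << 1)) return 0;
        }
    return 1;
}

/* Round trip over one constructed sector; returns 1 if the encrypted form
 * differs from the plaintext and decryption restores it exactly. */
int roundtrip_one_sector(void)
{
    uint8_t plain[SECTOR_BYTES], work[SECTOR_BYTES];
    for (size_t i = 0; i < SECTOR_BYTES; i++) plain[i] = (uint8_t)(i * 7 + 3); /* constructed sample */
    memcpy(work, plain, sizeof work);
    if (encrypt_sectors(work, sizeof work, 1) != 0) return 0;
    if (memcmp(work, plain, sizeof work) == 0) return 0;
    if (decrypt_sectors(work, sizeof work, 1) != 0) return 0;
    return memcmp(work, plain, sizeof work) == 0;
}

int main(void)
{
    printf("'A' beside 0x00 -> 0x%02X; 'A' beside 0x80 -> 0x%02X\n",
           encrypted_byte('A', 0x00, 1), encrypted_byte('A', 0x80, 1));
    printf("7 bit ASCII is a fixed substitution: %d\n", ascii7_is_fixed_substitution());
    printf("one sector round trip ok: %d\n", roundtrip_one_sector());
    return 0;
}
```

The ROL of the word 0041H (the letter "A" with a zero neighbor) gives 0082H; with the neighbor's top bit set (8041H) it gives 0083H, which is the single bit of dependence described above.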

The simple bitwise rotation algorithm for encrypting 
and decrypting data is presently preferred for its speed. 
A bitwise rotation of a register by one bit is performed in 
two microprocessor clock cycles. Of course, other 
algorithms can be substituted for the bitwise rotation 
algorithm. If desired one may employ encryption schemes 
offering many different possible combinations of 
algorithms so that the odds of two parties' algorithms 
being unintentionally the same are quite low. 

By altering all characters transferred via the BIOS 
interrupt 40H routine, the invention encrypts not only 
user data but also the file allocation table data and 
directory entries. This renders an encoded diskette 
secure against casual unauthorized access. A diskette 
encrypted using the invention will not provide a readily 
readable directory listing under conventional disk 
operating system commands. Each file on the diskette 
would be stored under an encrypted file name. Moreover, 
the file allocation table (FAT), which is used by the 
operating system to locate the sectors of the diskette 
medium on which a particular file is stored, is also 
encrypted. Hence, the operating system without help 
from the decryption process cannot even identify which 
sectors are associated with a given file. 

Because the decryption algorithm is automatically 
invoked each time an interrupt 40H diskette read 
routine is performed, a computer equipped with the 
invention will not list the directory of a nonencrypted 
diskette using the conventional disk operating system 
directory listing routine. Furthermore, a computer 
equipped with the invention will not permit a 
nonencrypted diskette file to be copied onto the computer 
system hard disk, because the read operation scrambles 
the plain data while attempting to decrypt it. 
Accordingly, the invention provides additional directory 
listing and file copying routines which may be used as 
substitute routines for those provided by the disk 
operating system. 

FIG. 11 describes the algorithm which may be used to 
implement the additional directory and file copy 
routines, the algorithm being essentially the same for 
both. The routine starts by testing to determine that the 
user wishes to employ the directory or copy routine via 
the floppy diskette drive, as opposed to the hard disk 
drive. Typically, drive A is the floppy diskette drive in 
the IBM PC/XT, for example. If the directory listing or 
file copy command is applicable to a different drive, such 
as the hard disk drive, then the routine gives an Invalid 
Drive Specification error message and ends, returning 
control to the disk operating system command processor. 
On the other hand, if the drive is properly specified as 
the floppy diskette drive, the algorithm calls the OFF 
routine which temporarily revectors the interrupt 40H 
diskette drive handling routine to the original BIOS 
routine (without encryption/decryption). Next the 
appropriate directory or file copy program is called to 
implement the desired procedure. For example, if a 
directory listing is required, then the disk operating 
system DIR command is called. If a file copy operation is 
required, the disk operating system COPY command is 
called. After the disk operating system command has 
executed, the algorithm continues by calling the ON 
routine, which revectors the interrupt 40H handling 
routine to the modified routine (with 
encryption/decryption), and the algorithm then ends, 
returning control to the command processor. The ON 
routine should be called whether or not the operating 
system command succeeded; otherwise a failed command 
would leave the diskette path unencrypted until the 
vector is next restored at power-on. 

When implementing the invention on an IBM 
PC/XT, the ON routine may be a short assembly 
language program which writes 07AH to the interrupt 
40H offset address 00100H and writes the value 0C900H 
to the interrupt 40H segment address at address location 
00102H. (Each interrupt vector table entry occupies four 
bytes, offset first and then segment, so the entry for 
interrupt 40H begins at 40H times 4, i.e. 00100H.) The 
OFF routine is similar but instead writes the value 
0EC59H to the offset location and 0F000H to the 
segment location. 
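As an added illustration, and not code from the patent, the following C program simulates the real mode interrupt vector table and the ON/OFF revectoring used by the FIG. 11 wrapper, with the IBM PC/XT vector values quoted above. The disk operating system command is stood in for by a constructed callback that records which handler was in place while it ran; drive letter A is assumed to be the diskette drive, as in the text. The wrapper restores the modified handler unconditionally, which is the property a practitioner would check.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated real mode interrupt vector table: 256 far pointers (offset, segment). */
typedef struct { uint16_t off, seg; } far_ptr;
static far_ptr ivt[256];

#define DISKETTE_INT 0x40

/* Vector values from the IBM PC/XT embodiment described in the text: the
 * original BIOS diskette handler and the modified handler in the security ROM. */
static const far_ptr BIOS_DISKETTE   = { 0xEC59, 0xF000 };
static const far_ptr SECURE_DISKETTE = { 0x007A, 0xC900 };

/* Address of the IVT entry for interrupt n: n * 4 (INT 40H -> 00100H offset,
 * 00102H segment). */
unsigned ivt_slot_address(unsigned n) { return n * 4; }

/* ON and OFF routines: swap the diskette vector between the two handlers. */
void vector_on(void)  { ivt[DISKETTE_INT] = SECURE_DISKETTE; }
void vector_off(void) { ivt[DISKETTE_INT] = BIOS_DISKETTE; }

int secure_vector_active(void)
{
    return ivt[DISKETTE_INT].off == SECURE_DISKETTE.off &&
           ivt[DISKETTE_INT].seg == SECURE_DISKETTE.seg;
}

enum { WRAP_OK = 0, WRAP_INVALID_DRIVE = 1, WRAP_CMD_FAILED = 2 };

/* The FIG. 11 wrapper: accept only the diskette drive, drop to the plain BIOS
 * handler, run the DOS command, then re-arm the modified handler. The restore
 * is unconditional: skipping it on a failed command would leave the diskette
 * path unencrypted. */
int run_with_plain_diskette(char drive, int (*dos_cmd)(void))
{
    if (drive != 'A' && drive != 'a') return WRAP_INVALID_DRIVE; /* "Invalid Drive Specification" */
    vector_off();
    int rc = dos_cmd();
    vector_on();
    return rc == 0 ? WRAP_OK : WRAP_CMD_FAILED;
}

/* Constructed stand-ins for DIR / COPY: each records whether the modified
 * handler was active while it ran (it should not be). */
static int seen_secure_during_cmd = -1;
int cmd_ok(void)   { seen_secure_during_cmd = secure_vector_active(); return 0; }
int cmd_fail(void) { seen_secure_during_cmd = secure_vector_active(); return 1; }

int main(void)
{
    vector_on();                               /* state after power-on self-test */
    printf("INT 40H entry at %04XH\n", ivt_slot_address(DISKETTE_INT));
    printf("drive C: rc=%d\n", run_with_plain_diskette('C', cmd_ok));
    printf("drive A: rc=%d, secure during cmd=%d, secure after=%d\n",
           run_with_plain_diskette('A', cmd_ok), seen_secure_during_cmd, secure_vector_active());
    printf("failed cmd: rc=%d, secure after=%d\n",
           run_with_plain_diskette('A', cmd_fail), secure_vector_active());
    return 0;
}
```

While the OFF state is in effect any program that issues interrupt 40H sees the plain BIOS handler, so the window between OFF and ON is exactly the period in which unencrypted diskette traffic is possible; keeping that window to the single wrapped command is the point of the design.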

As diagrammatically depicted in FIG. 12, the 
invention alters the data flow between the data transfer 
buffer and the removable data storage medium. The data 
transfer buffer is a block of memory residing in system 
RAM which contains the data to be written to the storage 
media and which receives data read from the storage 
media. As illustrated in FIG. 12, both the floppy 
diskette media 16 and the hard disk media 14 pass data 
to and from the data transfer buffer. Although in FIG. 
12 the data transfer buffer is commonly shared by both 
floppy diskette and hard disk media, it is possible to 
construct a computer system in which separate data 
transfer buffers are used for each storage medium. 

As illustrated, communication of data between the 
data transfer buffer and hard disk 14 is handled by the 
original fixed disk handling routine provided by the 
computer system BIOS. With the invention implemented, 
communication between the data transfer buffer and the 
floppy diskette medium is handled by both the encryption 
and decryption algorithms of the invention as discussed 
above and also by the original removable diskette 
handling routines provided by the computer system BIOS. 
In accordance with the flow chart of FIG. 6, the 
encryption and decryption routines selectively perform 
encryption and decryption functions and then pass 
control to the original removable diskette handling 
routine. 

The presently preferred embodiment operates directly 
upon the data in the data transfer buffer, and in 
practice the data transfer buffer can be the same memory 
space utilized as the data transfer area or DTA which is 
accessed by the removable diskette interrupt handling 
routine (interrupt 40H in the IBM PC/XT). Of course, if 
desired, the invention can be implemented in a fashion 
where the actual encryption and decryption operations 
are performed on copies of the data stored in the data 
transfer area and by then using BIOS function calls to 
redefine the location of the data transfer area to be the 
buffer containing the encrypted or decrypted data. 

From the foregoing it will be seen that the present 
invention provides an encryption and decryption system 
which is automatically installed during the power-on 
self-test routine and is therefore quite difficult for the 
user to defeat. The encryption and decryption take place 
in direct response to the BIOS level floppy diskette 
controller interrupt. The encryption and decryption 
routines are thus automatically invoked at a primitive 
level below the disk operating system kernel. This has 
the advantage of automatically encrypting the floppy 
diskette directory and file allocation table, so that even 
the manner in which information is stored on the 
diskette is altered, and ordinary diskette copy and 
directory listing routines will not work. Backup copies 
on floppy diskette of data stored on the hard disk made 
using disk backup commands will be similarly encrypted. 
By being specifically attached to the diskette read and 
write sequence, read and write operations to the hard 
disk are not affected. Thus the integrity of the data 
stored on the hard disk is retained. 

While the invention has been described in connection 
with a presently preferred embodiment suitable for 
installation on an IBM PC/XT and compatibles, the 
principles of the invention can be implemented on other 
systems. Furthermore, certain modifications and 
changes can be made to the system described herein 
without departing from the spirit of the invention as set 
forth in the appended claims. 

What is claimed is: 

1. In a computer system having operating system 
software, at least a portion thereof being loaded into 
read/write memory, said operating system software 
implementing a file storage structure for storing data as 
individual files on different portions of a removable data 
storage medium, said structure including file allocation 
table means stored on said removable data storage me- 
dium and containing file allocation information for cor- 
relating said individual files with selected different por- 
tions of said medium in a first predetermined manner, a 
security system comprising: 

means programmably linked to said portion of said 
operating system software loaded into read/write 
memory for encrypting and storing said file alloca- 
tion information on said removable data storage 
medium in an encrypted manner different from said 
first predetermined manner; and 

means associated with said computer system for de- 
crypting and using said file allocation information 
to correlate said individual files with said selected 
different portions of said medium, thereby permit- 
ting location and retrieval of data stored as files on 
said medium by said computer system. 

2. The security system of claim 1 wherein said means 
for encrypting comprises program means stored at least 
in part in nonvolatile memory. 

3. The security system of claim 1 wherein said means 
for decrypting comprises program means stored at least 
in part in nonvolatile memory. 

4. The security system of claim 1 wherein said com- 
puter system includes BIOS input/output program 
means interfaced with said operating system software 
for effecting storage and retrieval of data on said me- 
dium and wherein said encrypting means is associated 
with said input/output program means. 

5. The security system of claim 1 wherein said com- 
puter system includes BIOS input/output program 
means interfaced with said operating system software 
for effecting storage and retrieval of data on said me- 
dium and wherein said decrypting means is associated 
with said input/output program means. 

6. In a computer system having a processor means for 
operating on data comprising arrangements of binary 
digits, a power-on routine for causing said processor to 
scan a predetermined range of memory location 
addresses for instructions after power-on, means for 
enabling said processor means to communicate with data 
storage media comprising first program means including 
first BIOS input/output program for reading and 
writing data to a fixed data storage medium and second 
program means including second BIOS input/output 
program for reading and writing data to a removable 
data storage medium, said first and second BIOS 
input/output programs being selectively invoked by 
interrupt signals associated with an interrupt vector 
table stored in read/write memory, a data security 
system comprising: 
security program means disposed within said 
predetermined range of memory location addresses for 
automatically altering said second program means 
during said power-on routine; 
said security program means including an encryption 
BIOS program and a vector table altering program, 
said vector table altering program being 
automatically invoked during said power-on routine 
to alter said interrupt vector table to substitute 
said encryption BIOS program for at least a portion 
of said second BIOS input/output program without 
altering said first BIOS input/output program; 

said encryption BIOS program of said security pro- 
gram means transforming data communicated be- 
tween said removable data storage medium and 
said processor means such that said data stored on 
said removable data storage medium is represented 
using a different arrangement of binary digits than 
is used when said data is stored in said fixed data 
storage medium. 

7. The security system of claim 6 wherein said secu- 
rity program is stored at least in part in nonvolatile 
memory. 

8. The security system of claim 6 wherein said secu- 
rity program is stored at least in part in nonvolatile 
memory in which is also stored at least a portion of said 
instructions. 

9. The security system of claim 6 wherein said secu- 
rity program includes means for altering said data by 
bitwise rotation. 

10. The security system of claim 6 wherein said pow- 
er-on routine comprises at least one computer self-test 
routine. 

11. The security system of claim 6 wherein said secu- 
rity program causes said processor means to alter said 
program means for reading and writing at a time during 
said power-on routine before access to said computer 
system by external human input may be effected. 
* * * * * 